Setting cookie from Response Header Set-Cookie

eclipse-thingweb / node-wot

A fast and extensible framework to connect any device with your browser and backend applications

https://thingweb.io

Other

166 stars 80 forks source link

Setting cookie from Response Header Set-Cookie #1242

Open hasanheroglu opened 9 months ago

hasanheroglu commented 9 months ago

Me and @egekorkan encountered with a case where we need to send session information to interact with a Thing. Therefore we thought, the token can be sent as a cookie, when security scheme is defined as below. In case there are no problems with this kind of logic, I can implement it.

"securityDefinitions": {
    "bearer1": {
      "scheme": "bearer",
      "in": "cookie",
      "name": "session_name"
    }
  },
"security":` "bearer1",

egekorkan commented 9 months ago

Just some small clarifications:

session_name is custom per application so that will appear in TD but will be different each time.

We will use the credential storage with the same token config as usual:

servient.addCredentials({
"urn:dev:wot:org:eclipse:thingweb:my-example-secure": {
    token: "1/mZ1edKKACtPAb7zGlwSzvs72PvhAbGmB8K1ZrGxpcNM"
},
});

The session can expire so this needs to be adjusted over time. This is a use case for needing a more flexible credential storage but we can get around it for now

danielpeintner commented 9 months ago

In case there are no problems with this kind of logic, I can implement it.

Did you already experiment/test it with node-wot? I am curious to see what would need to change...

egekorkan commented 9 months ago

I am curious to see what would need to change

Only binding-http should be affected, I think